Re: show cdp

Determining the Layer 2 switching path is a little more difficult and may involve tracing cables. If you are using Cisco switches in your network, from the firewall you can sniff and decode Cisco Discovery Protocol (CDP) frames from the switch attached to the firewall with this command:

tcpdump -vn -s 1500 -i (interface) 'ether[20:2] == 0x2000'

Figure 1-6: tcpdump Decode of CDP Traffic

From your testing workstation, you can do something similar in Wireshark. Start a capture on your network interface and use the following filter:

eth.dst == 01:00:0c:cc:cc:cc

Figure 1-7: Wireshark Decode of CDP Traffic

The CDP traffic should tell you enough about the locally attached switch to identify it. Keep in mind that there may be many other switches in the path between your testing workstation and the firewall depending upon the architecture of your network; you need to discover them all. If they are Cisco switches and you can obtain command-line access to them, running the Cisco IOS command show cdp neighbors is helpful for identifying adjacent switches.

Depending on the vendor (and version) of the networking devices used in your environment, they may be using the IEEE 802.1AB Link Layer Discovery Protocol (LLDP) instead of CDP. The Cisco command show lldp neighbors is helpful for identifying adjacent switches; use this command to view and decode LLDP traffic:

tcpdump -vn -s 1500 -i (interface) ether proto 0x88cc

Book "Max Power 2020: Check Point Firewall Performance Optimization" Third Edition Now Available at www.maxpowerfirewalls.com
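
An added example, not part of the original post or the book it quotes: a Python sketch of what the two tcpdump filters above select, going one step further to read the neighbor's identity out of the CDP and LLDP TLVs. The frames are constructed samples, and the function and field names are assumptions of this example.

```python
import struct

CDP_FIELDS = {0x0001: "device_id", 0x0003: "port_id", 0x0006: "platform"}
LLDP_FIELDS = {4: "port_description", 5: "system_name"}

def parse_cdp(frame):
    """Return CDP neighbor fields, or None when the frame is not CDP."""
    # Same test as 'ether[20:2] == 0x2000': SNAP protocol ID after LLC and OUI.
    if len(frame) < 26 or frame[20:22] != b"\x20\x00":
        return None
    out, pos = {"version": frame[22], "ttl": frame[23]}, 26  # 24-25: checksum
    while pos + 4 <= len(frame):
        tlv_type, tlv_len = struct.unpack_from("!HH", frame, pos)
        if tlv_len < 4 or pos + tlv_len > len(frame):
            break  # malformed or truncated TLV: stop instead of misparsing
        if tlv_type in CDP_FIELDS:
            out[CDP_FIELDS[tlv_type]] = frame[pos + 4:pos + tlv_len].decode("ascii", "replace")
        pos += tlv_len  # CDP length includes the 4-byte TLV header
    return out

def parse_lldp(frame):
    """Return LLDP neighbor fields, or None when the EtherType is not 0x88cc."""
    if len(frame) < 14 or frame[12:14] != b"\x88\xcc":
        return None
    out, pos = {}, 14
    while pos + 2 <= len(frame):
        (header,) = struct.unpack_from("!H", frame, pos)
        tlv_type, tlv_len = header >> 9, header & 0x1FF  # 7-bit type, 9-bit length
        if tlv_type == 0 or pos + 2 + tlv_len > len(frame):
            break  # End of LLDPDU, or truncated TLV
        if tlv_type in LLDP_FIELDS:
            out[LLDP_FIELDS[tlv_type]] = frame[pos + 2:pos + 2 + tlv_len].decode("utf-8", "replace")
        pos += 2 + tlv_len  # LLDP length excludes the 2-byte TLV header
    return out

# Constructed sample frames (not captured traffic); the CDP checksum is left zero.
def sample_cdp():
    tlv = lambda t, v: struct.pack("!HH", t, len(v) + 4) + v
    body = b"\x02\xb4\x00\x00" + tlv(1, b"sw-access-01") + tlv(3, b"GigabitEthernet0/1")
    snap = b"\xaa\xaa\x03\x00\x00\x0c\x20\x00"
    return bytes.fromhex("01000ccccccc001122334455") + struct.pack("!H", len(snap + body)) + snap + body

def sample_lldp():
    tlv = lambda t, v: struct.pack("!H", (t << 9) | len(v)) + v
    body = tlv(1, b"\x04" + bytes.fromhex("001122334455")) + tlv(2, b"\x05ge-0/0/1")
    body += tlv(3, b"\x00\x78") + tlv(5, b"sw-dist-02") + tlv(0, b"")
    return bytes.fromhex("0180c200000e001122334455") + b"\x88\xcc" + body

if __name__ == "__main__":
    print(parse_cdp(sample_cdp()), parse_lldp(sample_lldp()))
```

The destination MAC 01:00:0c:cc:cc:cc used in the Wireshark filter is shared with other Cisco Layer 2 protocols such as VTP and DTP, which is why the parser keys on the SNAP protocol ID rather than the address.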